Thursday, February 18, 2010

on 18-Feb-2010 :: NetWitness reported 'Kneber Botnet' {CRITICAL}

On 18-Feb-2010, NetWitness reported a new malware, the 'Kneber botnet'.

It's a variant of Zeus and mainly targets credential stealing, key-logging, etc.

... it has affected more than 2500 organizations;

... currently no IPS/IDS has adequate signatures to detect it.

... it can also work together with other malware; the one most often noticed is Waledac (a P2P Trojan)



[] One way to check whether a machine is infected by Kneber (a Zeus variant):

        The registry key can be found by following this path, he said:

        HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit

        Normally it will have an entry like "C:\WINDOWS\system32\userinit.exe,"
        ZeuS will add itself to the list, typically as 'ntos.'
        But it could always change its name, so if any unrelated entries are found here, the machine may be infected.

        If any more entries are found, or there is any suspicion, scan the file listed here.
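
        The check above as a PowerShell script (an added example, not from NetWitness or the articles linked below). It assumes a default install where the only expected entry is <SystemRoot>\system32\userinit.exe; the function name and the sample values are made up for illustration.

```powershell
# Added example, not NetWitness code. Flags every Userinit entry other than
# <SystemRoot>\system32\userinit.exe (assumes a default Windows install).
function Get-UnexpectedUserinitEntry {
    param(
        [Parameter(Mandatory = $true)][AllowEmptyString()][string]$Value,
        [string]$SystemRoot = $env:SystemRoot
    )
    $expected = "$SystemRoot\system32\userinit.exe"
    # The value is a comma-separated list, normally with a trailing comma.
    $Value -split ',' |
        ForEach-Object { $_.Trim().Trim('"') } |
        Where-Object { $_ -and ($_ -ine $expected) }
}

# Constructed sample values (not taken from a real machine); the 'ntos' name
# follows the text above, the full .exe path is an assumption.
$samples = @(
    'C:\WINDOWS\system32\userinit.exe,',
    'C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,'
)
foreach ($s in $samples) {
    $extra = @(Get-UnexpectedUserinitEntry -Value $s -SystemRoot 'C:\WINDOWS')
    if ($extra.Count -eq 0) {
        "clean   : $s"
    } else {
        "SUSPECT : $s  -> extra: $($extra -join '; ')"
    }
}

# Live check on the local machine (read-only).
$key = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
if (Test-Path $key) {
    $live = (Get-ItemProperty -Path $key -Name Userinit).Userinit
    foreach ($entry in @(Get-UnexpectedUserinitEntry -Value $live)) {
        # Report each extra entry so the file it names can be scanned.
        [pscustomobject]@{
            Entry      = $entry
            FileExists = Test-Path -LiteralPath $entry
        }
    }
}
```

        No output from the live check means only userinit.exe is listed. Any entry it prints is a candidate for an AV scan, not proof of infection.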


[] It's suggested to apply all the latest MS10-* patches and Adobe releases on all machines;
    and, as always, not to open suspicious e-mails
   
   
[] NetWitness said that Kneber was primarily found on corporate and government computers; however, home users are likely to attract the infestation as well.
   



[] more details @

*** http://www.netwitness.com/resources/pressreleases/feb182010.aspx ***

http://www.networkworld.com/news/2010/021810-kneber-botnet-faq.html?hpg1=bn

http://www.nytimes.com/2010/02/19/technology/19cyber.html?em

http://www.technewsworld.com/rsstory/69372.html